When to comply?

GDPR comes into effect on 25 May 2018. However, that does not mean that businesses can put off compliance until then.

The Data Protection Act 1998, ePrivacy and PECR all remain in force and are applicable to UK businesses. Whilst GDPR has generated many column inches and caused businesses to focus on data protection compliance, it does not mean that businesses are permitted to be non-compliant prior to May 2018.

What do I need to do to be compliant?

Any new business should consider whether it needs to carry out a data protection impact assessment (DPIA). A DPIA is required where a business is using new technologies and the processing is likely to result in a high risk to the rights and freedoms of individuals. It is good practice for all new businesses and those introducing new services (particularly where a DPIA may not have previously been completed) to carry out a DPIA.

A business should ensure that it is registered with the Information Commissioner's Office and that it has disclosed the types of data it handles and what it does with that data.

Every business should publish a privacy statement (also called a privacy policy). This sets out the legal conditions for processing personal data, what personal data is processed and what the business does with that data, and it seeks consent for certain types of processing (including direct marketing and transfer to a non-UK jurisdiction).

Businesses will generally need to put in place a raft of additional policies and procedures to ensure that they can demonstrate compliance with the regime.

What about meeting the accountability obligation under GDPR?

Businesses currently have to be able to demonstrate compliance with the data protection regime and are expected to take steps to ensure that they remain compliant with the regime. GDPR imposes an explicit obligation of accountability. Businesses should undertake a quarterly review of their compliance with a DPO or external adviser and document that review.

Buckworths Compliance offers an affordably priced monthly retainer which covers quarterly reviews and any urgent needs for advice on compliance that may arise from time to time.